The problem with ordinary mailto is that it leaves e-mail address exposed to spamming spiders unless it is constructed dynamically using clientside scripting. Actually this is the way spammers used to harvest millions of valid e-mail addresses some time ago. Even if you change @ to [at] or whatever else, this is not going to protect from spammer search engines anymore, because it is too easy to decode... I am not sure for how long it will be safe encoding html documents in base64 or utf. The source is human unreadable, but spiders may look for known patterns and decode it later. And it would be a loss disabling Javascript ;-) on many websites, including Google maps, scientific online apps and others... Unless user is able to automatically enable it selectively for trusted sites without messing with browser settings each time. In fact I haven't seen any user/machine obeying this recommendation. Then the only safe way (I have been using this for a long time on my personal site) is displaying e-mail address as image. But then users would have enter it manually. Well, if one really needs to contact me he would probably spend a few seconds of writing. Viktoras -------Original Message------- From: Jaqui Greenlees Date: 06/24/06 12:18:54 To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] How to deny access based on user agent - help --- Viktoras Didziulis <viktoras@xxxxxxxxxx> wrote: Two things to concider in this though. 1) The Internet Security groups have all, for the last two years, been saying to turn off all clientside scripting, since all current clientside scripting technologies are severe security risks. 2) why not just use a simple mailto instead of a form. no site security breaches. a confirmed email address to have an autorespond message go to so it doesn't get submitted multiple times. The client can easily define their issue in detail, since the limitations of most forms are gone. Jaqui __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|